anyweb

verify the firewall is off on the client for testing, does your client have the configmgr client installed ?

Steven Sinofsky has said that Windows 7 will enter the "release to manufacturing" stage in about three months from now, meaning August '09. This means that the actual Windows 7 release would be well in time for the holiday season. " If the feedback and telemetry on Windows 7 match our expectations then we will enter the final phases of the RTM process in about 3 months. If we are successful in that, then we tracking to our shared goal of having PCs with Windows 7 available this Holiday season."

When you run Windows 7 with the default UAC level, a technique using code injection and several components in Windows 7 that can auto-elevate can totally own your system. Microsoft gave several components in Windows 7 special privileges (like notepad.exe and calc.exe) in order to reduce the amount of UAC prompts in Windows. The end result, however, is that these components can be used to bypass UAC completely, and basically get full access to your machine. This works even on the RC. The proof-of-concept exploit works by injecting its own code into the memory of another process, a process with auto-elevation capabilities. This is done using standard and documented APIs. The first proof-of-concept just copied a file to a location, but further editions could do all sorts of nasty things - and ASLR doesn't help either. This video should give you a good idea. Whiskey tango foxtrot, indeed. As the writer of the proof-of-concept code explains, the UAC API is a good API, but code does require refactoring to provide a good user experience; to not flood users with prompts. Microsoft did not do this right in Vista, and instead of addressing this issue properly in Windows 7, they took the easy way out by creating UAC backdoors for their own code and programs (the UAC whitelist) as to reduce the number of prompts. This list isn't configurable by the user. Full story and more via > http://www.osnews.com/story/21499/Why_Wind...UAC_Is_Insecure

Expand the Software Updates node in ConfigMgr and right click on Update Repository, choose Run Synchronisation. answer Yes when prompted

Step 5. Install the WSUS server as a site system in SCCM Expand the Site Database, Site Management, Site Settings node in ConfigMgr, and then expand Site systems. Right click and choose New, Server. when the new site system server wizard appears enter your details like below paying close attention to the FQDN field Note: When the computer account for the site server has access to the site system server and the site is in mixed mode, the settings on this page are optional. When the computer account does not have access to the site system server or when the site is in native mode, the following settings should be configured: Specify a fully qualified domain name (FQDN) for this site system on the intranet: This setting must be configured for the active software update point site system when the site server is in native mode or when it is in mixed mode and uses Secure Sockets Layer (SSL). By default, this setting must be configured. Specify an Internet-based fully qualified domain name for this site system: This setting must be configured for the active software update point if it accepts Internet-based client connectivity or for the active Internet-based software update point site system. Use another account for installing this site system: This setting must be configured when the computer account for the site server does not have access to the remote site system. Allow only site server initiated data transfers from this site system: This setting must be specified when the remote site system does not have access to the inboxes on the site server. This allows a site system from a different domain or forest to store the files that need to be transferred to the site server. The site server will periodically connect to the remote site system and retrieve the files. The Internet-based software update point might require this setting to be enabled. Note: you may mistakenly enter something like wsus.windows-noob.local which would be wrong, it needs the FQDN which would be wsus.sccm2007.windows-noob.local, a simple PING test to the FQDN will resolve any confusion. Select Software Update Point as the site role and click next enter your proxy settings if you have any then click next for Active Software Update Point, select the checkbox as below click next and verify your synchronisation source leave synch schedule on 7 days leave the classifications as they are *we can change them later if needed* select your products, be careful to only select what you need or it wil take forever to download everything... select your desired language (i chose english only) review the summary and click next and then close. On the ConfigMgr server, you should now see the newly added site system.

Step 4. Make the SCCM computer account a member of local administrators on your WSUS server On the WSUS server, startup Server Manager and expand Configuration and bring up Local Users and Groups. Click on Groups and then Double click on Administrators and click on Add. For 'Select This Object Type' click on Object Types, enter your administrative credentials if asked. For object types, select computers and click ok. click on Advanced and then Find Now Select the SCCM computer object from the list and click ok, this is important as we want to grant our SCCM server access to control the WSUS server, failure to do this will result in ConfigMgr Status Error Messages in the SMS_SITE_COMPONENT_MANAGER log. click ok again twice. Note: for troubleshooting purposes here is what the log would say if you fail to do the above. once you have configured the site systems computer account to be an administrator of the WSUS server, the site_component_manager will reattempt to install the site system after 60 minutes, and when successful you will see the following message in the SMS_SITE_COMPONENT_MANAGER log.

are you using windows SIM to create the xml file or are you doing it another way ?

have you captured the image yet or are you planning on capturing it after you've succeeded in sysprepping it ? please review this detailed post on Sysprepping Windows Vista what you probably want is sysprep /oobe /shutdown

try it in <settings pass="specialize"> cheers anyweb

as a test point it to the X64 boot file could be that the bios is reporting 64bit capable...

the built-in Administrator account is disabled by default but by adding the following command to your AutoUnattend.xml answer file using Windows System Image Manager (Windows SIM) or any text editor we should be able to enable it. <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <AutoLogon> <Password> <Value>windows-noob</Value> <PlainText> true</PlainText> </Password> <Username> Administrator</Username> <Enabled> true</Enabled> <LogonCount> 5</LogonCount> </AutoLogon> <UserAccounts> <AdministratorPassword> <Value>windows-noob</Value> <PlainText> true</PlainText> </AdministratorPassword> </UserAccounts> </component>

is option 66 pointing to the ip of the WDS server ? have you tried setting option 67 to boot\x86\wdsnbp.com instead of your current value =?

its easy to do but you need to first decide if you want to deploy software to USERS or COMPUTERS the recommended way is to deploy software to COMPUTERS otherwise things can get messy (think one user using multiple computers...) you will also have to enable Active Directory Discovery using the following two Discovery Methods in SCCM Active Directory System Group Discovery Active Directory Security Group Discovery once done... in Active directory you need to setup a structure for this, You will need to create some Active Directory Security Groups, and then create an OU in Active Directory and call it Applications Group now, you need to create your corresponding Collections in SCCM, so lets create three new collections Office 2003 Computers in the Office 2003 Security Group Users in the Office 2003 Security Group The two sub collections will have separate queries to determine their contents: The query for Computers in the Office 2003 Security Group shall be select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM .SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "SCCM2007\\Office 2003 Users" so from the above, SCCM2007=your domain and Office 2003 Users is the Active Directory Sercurity Group you added Computer Objects to. Note: To define collection queries please read this post The query for Users in the Office 2003 Security Group shall be select SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueU serName,SMS_R_USER.WindowsNTDomain from SMS_R_User where UserGroupName = "sccm2007\\Office 2003 Users" Now you can target these sub collections with software to install, so in this case you would target the collections above with an advertisement to install Microsoft Office 2003. once done, you can start adding computer or user objects to the respective Active Directory Group in active directory, and based on your Discovery Methods schedule they will appear within the correct Collection and based on the collection they are in they will receive the correct advertisement, as this is a common question, I have renamed the topic, and pinned it. Related steps: How can I deploy an application using SCCM 2007 SP1 ? How can I target an application to specific hardware using SCCM 2007 SP1 ? how can I deploy Windows Vista SP1 using SCCM 2007 SP1 ? how can I deploy Windows XP SP3 using SCCM 2007 SP1 ? how can I deploy Windows Server 2008 using SCCM 2007 SP1 ? cheers anyweb

sccm can handle all this and utilise Wake up on lan also, so are you utilising SCCM or SMS =?

zero touch means no one has to touch the machine getting imaged. light touch means someone does have to touch it, so what are you referring to exaclty ?

is there a switch of any sort in between the server and client ? if so try removing it to rule out the switch... secondly is the client also virtual or is it real, if it's real is it 32bit or 64bit ?

normally if you are installing a server OS you would install it on hardware that is sold to be a server, have you tried installing the Windows VISTA chipset and network drivers for this HP ? the vista drivers should work just fine....

ah ok, see below (taken from my SCCM 2007 setup but you should get the idea) :-

are you saying you cannot see the attachments or what ?

I would certaintly separate the roles (isa/sccm) but.. I have never installed sccm on an ISA server so cannot comment, but common sense would tell me not to do it... so, try a fresh install using only SMSadmin to do the install/configuration and all, the SMSadmin account should be a domain user who has local administrative privaledges on the computer running SCCM

The official stance from Microsoft has always been that Windows 7 would be released three years after Vista, which would put its release date somewhere in January 2010. However, various rumours already indicated a release ahead of that schedule, and if the beta and RC are anything to go by, they could release it today and get away with it. Microsoft seems to have realised this, as it has now said it will release Windows 7 in time for the 2009 holiday season. It was Bill Veghte, senior vice president of the Windows Business at Microsoft, who was the one to break the news during Microsoft TechEd North America 2009. Both Windows 7 and Windows Server 2008 R2 will be released onto the world in time for the 2009 holiday season, which puts its release in December at the latest. Microsoft did not mention a specific date of release. Apart from moving the release date forward about a month, this also means that Windows Server 2008 R2 will arrive alongside Windows 7, while the company previously stated that Server 2008 R2 would arrive some time after Windows 7. more > http://arstechnica.com/microsoft/news/2009...oliday-2009.ars via > http://www.osnews.com/story/21470/Microsof...Before_Holidays

it's normal that you create the account yourself, once created, always log in with that account for the entire installation of SCCM from start to finish. do you have any other errors in sccm ?

before running sysprep, logon as Administrator then remove any un-needed accounts, then run sysprep

if the server will be a DC and SCCM all in one, then you can make the SCCM admin user (SMSAdmin) a member of the Domain Admins group, this would be ok for a LAB but it would be far better to separate the roles out onto different servers,

hi, does the user you are installing SCCM with have local administrator permissions on the server ?